INC-144591 · Issue 601614
Oauth and beanutils jars upgraded
Resolved in Pega Version 8.3.5
The third party Oauth2 jars and commons-beanutils jar have been updated to the latest versions.
INC-134808 · Issue 590713
Property check handling updated for Ajax requestor
Resolved in Pega Version 8.3.5
SECU0001 alerts were seen when submitting a case in the interaction portal. Logging indicated the errors were related to the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties which are included in an Ajax request when they exist in the DOM and the 'pyGeolocationTrackingIsEnabled' when rule is true. The error was traced to a condition where a new thread request results in an unexpected property check that encounters a clipboard which doesn't have any pages created for that thread. To resolve this, the 'pxRequestor.pyLatitude' and 'pxRequestor.pyLongitude' properties have been added to an allow list to handle the unexpected properties check.
INC-140101 · Issue 597636
System will attempt to decrypt data ending in "+"
Resolved in Pega Version 8.3.5
Encrypting and decrypting one specific email address was not working properly when showing on the UI. It was possible to force a decryption using decryptproperty, but Pega generated an error. This was due to the actual encrypted value ending with '+', which conflicted with a system check that skips decryption if the encrypted property value ends with + . To resolve this, the system will attempt to decrypt the property even when encryptedText ends with + .
INC-137874 · Issue 599130
Cross-site scripting update for Dev Studio
Resolved in Pega Version 8.3.5
Cross Site Scripting (Cross-site scripting) protections have been added to Developer Studio.
INC-139705 · Issue 595169
Documentation update for Security Settings for DX API
Resolved in Pega Version 8.3.5
Information on the pyDXAPIEncodeValues application setting has been added to the Security Settings for DX API article under the Application settings sub-section. The Pega Platform version that supports the pyDXAPIEncodeValues application setting is mentioned in the Supported UI capabilities article.
INC-119646 · Issue 563696
RemovePrivateBlockedAndWithdrawnRAQs updated to avoid exception
Resolved in Pega Version 8.4.2
If the method removePrivateBlockedAndWithdrawnRAQs() (present on the AgentRuleUtils.java class) had both the "ignore personal rulesets containing checked out files" and "ignore "Blocked or Withdrawn agent" conditions set, raqsItr.remove(); ran twice and resulted in a java.lang.IllegalStateException. This could lead to undesired outcomes such as agents not showing up properly. To correct this, the code has been refactored to avoid running raqsItr.remove(); more than the necessary number of times.
INC-125193 · Issue 561461
Processed in last hour generated correctly
Resolved in Pega Version 8.4.2
After upgrade, the 'Processed in last hour' for pyFTSIncrementalIndexer (or any other queue processor) did not show the totals processed. This was traced to an error in a declare expression rule, and has been corrected.
INC-128654 · Issue 567410
Queue processor handling updated
Resolved in Pega Version 8.4.2
After upgrade, the queue processors were not processing all the items in the queue, however the value under the 'number of items processed in the last hour' in the Admin studio showed the value was equal to the total number of items in the queue. This was traced to the an incorrect offset kept by the queue processor in the data table (Data-QueueProcessor-Run-Partition). Because the incoming messages from Kafka have a lower offset than the one kept by the queue processor, messages were treated as duplicates and not processed. This has been resolved by adding a partitions-validation mechanism on QP startup. To assist in proper handling, any messages identified as potentially already processed will be moved to the broken messages queue.
SR-D85839 · Issue 550939
Support added for custom Kafka connection properties
Resolved in Pega Version 8.4.2
An enhancement has been added to allow specifying custom Kafka connection properties in the Data-Admin-Kafka data instance to allow connections to external Kafka through the common client configs, ssl configs, and sasl configs.
INC-100288 · Issue 555466
Declaratives disabled during startup
Resolved in Pega Version 8.4.2
Declaratives firing before the engine is fully up can lead to null pointer errors. In order to avoid this condition, declaratives will be disabled during startup so that unnecessary operations can be avoided and system can be started faster.